OpenVPN Client Key Generator
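#!/bin/bash
#
# OpenVPN Client Key Generation Script
#
# Author: rtfpessoa
# Date: 03-09-2016
#
# Based on the guide:
# * https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
#
# First argument: Client identifier
# Second argument: Generate key with password (any non-empty value)
#
# Output: ~/client-configs/files/<client>.ovpn, a single profile that embeds
# the CA certificate, the client certificate, the client PRIVATE KEY and the
# shared tls-auth key. Treat the file as a credential: it is created with
# owner-only permissions and should only be handed over on a protected channel.
# When the second argument is omitted the key is built with ./build-key rather
# than ./build-key-pass, i.e. without the password prompt.

client_key_name=$1
key_with_pass=$2

if [[ -z "$client_key_name" ]]; then
  echo "Missing client key name!" >&2
  exit 1
fi

# The name becomes a command argument and a path component below, so refuse
# values that would be parsed as an option, escape the key directory, or
# split into several words.
case "$client_key_name" in
  -* | */* | *[[:space:]]*)
    echo "Invalid client key name: ${client_key_name}" >&2
    exit 1
    ;;
esac

VPN_DIR=~/openvpn-ca
KEY_DIR=${VPN_DIR}/keys
CLIENT_CFG_DIR=~/client-configs
OUTPUT_DIR=${CLIENT_CFG_DIR}/files
BASE_CONFIG=${CLIENT_CFG_DIR}/base.conf

client_crt=${KEY_DIR}/${client_key_name}.crt
client_key=${KEY_DIR}/${client_key_name}.key
output_file=${OUTPUT_DIR}/${client_key_name}.ovpn

mkdir -p -- "$OUTPUT_DIR" || exit 1
chmod 700 -- "$OUTPUT_DIR" || exit 1

# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf

# Stop if the CA directory is missing: otherwise "vars" and the build scripts
# would be looked up relative to whatever directory the caller was in.
cd "$VPN_DIR" || {
  echo "Cannot enter ${VPN_DIR}" >&2
  exit 1
}

# "./vars" rather than "vars": a bare name makes bash search $PATH first.
source ./vars

if [[ -n "$key_with_pass" ]]; then
  ./build-key-pass "$client_key_name"
else
  ./build-key "$client_key_name"
fi

# Check the inputs instead of trusting the build script's exit status, so a
# declined or failed signing step cannot produce a half-filled profile.
for required in "$BASE_CONFIG" "${KEY_DIR}/ca.crt" "$client_crt" \
  "$client_key" "${KEY_DIR}/ta.key"; do
  if [[ ! -s "$required" ]]; then
    echo "Missing or empty input file: ${required}" >&2
    exit 1
  fi
done

# The profile contains the private key: create it owner-only. umask covers a
# new file, chmod covers a file left over from an earlier run.
umask 077

cat -- "$BASE_CONFIG" \
  <(printf '<ca>\n') \
  "${KEY_DIR}/ca.crt" \
  <(printf '</ca>\n<cert>\n') \
  "$client_crt" \
  <(printf '</cert>\n<key>\n') \
  "$client_key" \
  <(printf '</key>\n<tls-auth>\n') \
  "${KEY_DIR}/ta.key" \
  <(printf '</tls-auth>\n') \
  > "$output_file" || {
  echo "Failed to write ${output_file}" >&2
  exit 1
}

chmod 600 -- "$output_file"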
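#!/bin/bash
#
# OpenVPN Client Key Revocation Script
#
# Author: rtfpessoa
# Date: 03-09-2016
#
# Based on the guide:
# * https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
#
# First argument: Client identifier
#
# Revokes the client's certificate in the CA under ~/openvpn-ca and installs
# the regenerated CRL into /etc/openvpn (needs sudo).
# NOTE(review): the copy alone does not enforce anything; the server config
# has to reference the CRL (crl-verify) - confirm against the server setup.

client_key_name=$1

if [[ -z "$client_key_name" ]]; then
  echo "Missing client key name!" >&2
  exit 1
fi

# The name is passed to ./revoke-full as an argument; refuse values that
# would be parsed as an option, contain a path separator, or split into words.
case "$client_key_name" in
  -* | */* | *[[:space:]]*)
    echo "Invalid client key name: ${client_key_name}" >&2
    exit 1
    ;;
esac

VPN_DIR=~/openvpn-ca
CRL_FILE=${VPN_DIR}/keys/crl.pem

# Stop if the CA directory is missing: otherwise "vars" and "revoke-full"
# would be looked up relative to the caller's current directory.
cd "$VPN_DIR" || {
  echo "Cannot enter ${VPN_DIR}" >&2
  exit 1
}

# "./vars" rather than "vars": a bare name makes bash search $PATH first.
source ./vars

# NOTE(review): the exit status is deliberately not used to gate the copy.
# revoke-full presumably ends by verifying the revoked certificate, which is
# expected to report an error on success - confirm with the easy-rsa version
# in use.
./revoke-full "$client_key_name"

# Never install a missing or empty CRL over the one the server is using.
if [[ ! -s "$CRL_FILE" ]]; then
  echo "CRL not found or empty: ${CRL_FILE}" >&2
  exit 1
fi

sudo cp -f -- "$CRL_FILE" /etc/openvpn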